IPv6 in Cellular Networks LACNIC 28 Montevideo, Uruguay - - PowerPoint PPT Presentation

SLIDE 1

IPv6 in Cellular Networks

LACNIC 28 Montevideo, Uruguay September 2017

Jordi Palet (jordi.palet@theipv6company.com)

SLIDE 2

Need to support IPv6

  • IPv4 exhaustion
    – Sharing IPv4 (CGN) is not enough and is problematic
  • Increase in number of users
  • Increase in number of devices per user (and also tethering)
  • Increase in number of addresses per device (VMs, other reasons)
  • VoLTE/IMS
  • IoT
  • LONG TERM STRATEGY

SLIDE 3

The best solution: Dual-Stack!

[Figure: applications over TCP/UDP on three kinds of node: IPv6-only stack, IPv4-only stack, and dual-stack (IPv4 & IPv6)]

SLIDE 4

Sure?

  • Do you have enough IPv4 addresses?
    – Not just for now, next years?
  • O&M cost?
  • Call-center impact?
  • Performance?
  • Licenses?
  • Issues authenticating 2 addresses?

[Figure labels: UE, 2G / 3G mobile network, GGSN, Edge Router, IPv4 network, IPv6 network, IP (Peer) Node]

SLIDE 5

Alternatives to Dual-Stack

  • IPv6-only
  • IPv6-only with NAT64
  • IPv6-only with NAT64 and DNS64
  • 464XLAT
  • Other transition technologies

SLIDE 6

So … IPv6-only?

  • Many examples in content providers
  • Facebook is one of them
  • Datacenters are IPv6-only
    – Started in 2014, internal traffic was 90% IPv6
    – +100 Terabits per second
    – 100% IPv6 in June 2015
    – Allows using Facebook in IPv6-only networks and clients
    – IPv4 (from Internet) terminated in the IPv6-only clusters
      • RFC1918 space for IPv4 BGP sessions
      • Later on use RFC5549
        – Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop
      • IPv4 in IPv6 tunneling, for IPVS (IP Virtual Server)
      • IPv4 link-local (169.254.0.0/16) for Linux and switches

SLIDE 7

IPv6-only in the cellular net

  • Not an option today
  • Users will be able to access IPv6-only contents and apps
    – However no access to IPv4-only ones
    – IPv4-only tethered devices will not work

SLIDE 8

NAT64 (1)

  • Problem: When ISPs only provide IPv6 connectivity or devices are IPv6-only (cellular)
    – but there are still IPv4-only contents/apps in Internet
  • Similar idea as NAT-PT, but working better
  • Several IPv6-only nodes share a public IPv4 address to access IPv4 Internet
  • NAT64 is a mechanism to translate IPv6 packets to IPv4 and vice versa
  • Translation is carried out in packet headers following the IP/ICMP Translation Algorithm [RFC7915][RFC6146]
  • Current specification only defines how NAT64 translates unicast TCP, UDP, and ICMP packets

SLIDE 9

NAT64 (2)

  • IPv4 addresses of hosts are algorithmically translated to/from IPv6 addresses using a specific algorithm [RFC6052]
  • It’s based on statically configured information, including a well-known prefix
  • A well-known prefix is defined (64:ff9b::/96); another could be used

SLIDE 10

NAT64 (3)

  • It’s known that there are things that don’t work:
    – Everything out of TCP, UDP, or ICMP: Multicast, Stream Control Transmission Protocol (SCTP), the Datagram Congestion Control Protocol (DCCP), and IPsec
    – Applications that carry layer 3 information in the application layer: FTP [RFC6384], SIP/H323
    – Some apps: online gaming, Skype, etc.
      • Peer-to-peer using IPv4 “references”
        – Literal addresses
        – Socket APIs

SLIDE 11

NAT64

[Figure: CPE with IPv6-only access (10.0.0.x/24 on the customer side) reaching the “plain” IPv6 Internet directly and the IPv4 Internet through the NAT64 in the ISP network, which holds the public IPv4 address; AAAA synthesis]

SLIDE 12

IPv6-only with NAT64

  • Only valid if UE supports it
    – By means of “built-in” AAAA synthesis
      • RFC7050 (Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis) + RFC6052 (IPv6 Addressing of IPv4/IPv6 Translators)
    – Happy Eyeballs v2 includes it
  • For the rest of the cases
    – Users will be able to access IPv6-only contents and apps
      • However no access to IPv4-only ones
      • IPv4-only tethered devices will not work

SLIDE 13

DNS64

  • DNS64 is a mechanism to synthesize RRs of type AAAA from A RRs [RFC6147]
  • The IPv6 address in a synthesized AAAA is generated from the IPv4 address and the IPv6 prefix assigned to the NAT64 device [RFC6052]
  • When there is an AAAA query, it asks outside for A and AAAA RRs. If it only receives an A, it converts it into an AAAA
  • Hosts see the target host as IPv6 reachable, with the synthesized IPv6 address

SLIDE 14

NAT64+DNS64

[Figure: CPE with IPv6-only access (10.0.0.x/24 on the customer side) reaching the “plain” IPv6 Internet directly and the IPv4 Internet through the NAT64 in the ISP network, which holds the public IPv4 address; DNS64 in the ISP network]

SLIDE 15

Stateful NAT64

[Figure: IPv6-only network (v6) connected to the IPv4 Internet (v4) through NAT64, with DNS64 and DNS; legend: IPv6 Traffic, IPv4 Traffic]

  • Allows an IPv6-only network to connect to the IPv4 Internet

SLIDE 16

IPv6-only with NAT64+DNS64

  • All good?
  • NOT really …
    – Will break if apps use:
      • Literal addresses
      • Socket APIs
    – IPv4-only tethered devices will not work

SLIDE 17

NAT64 breaks …

App Name                    Functionality  Version      464XLAT Fixed
connection tracker          Broken         NA           NA
DoubleTwist                 Broken         1.6.3        YES
Go SMS Pro                  Broken         NA           YES
Google Talk                 Broken         4.1.2        YES
Google+                     Broken         3.3.1        YES
IP Track                    Broken         NA           NA
Last.fm                     Broken         NA           YES
Netflix                     Broken         NA           YES
ooVoo                       Broken         NA           YES
Pirates of the Caribbean    Broken         NA           YES
Scrabble Free               Broken         1.12.57      YES
Skype                       Broken         3.2.0.6673   YES
Spotify                     Broken         NA           YES
Tango                       Broken         NA           YES
Texas Poker                 Broken         NA           YES
TiKL                        Broken         2.7          YES
Tiny Towers                 Broken         NA           YES
Trillian                    Broken         NA           YES
TurboTax Taxcaster          Broken         NA
Voxer Walkie Talkie         Broken         NA           YES
Watch ESPN                  Broken         1.3.1
Zynga Poker                 Broken         NA           YES
Xabber XMPP                 Broken         NA

* T-Mobile

SLIDE 18

464XLAT

  • 464XLAT (RFC6877): RFC6145 + RFC6146
  • Very efficient use of scarce IPv4 resources
    – N*65.535 flows per each IPv4 address
    – Network growth not tied to IPv4 availability
  • IPv4 basic service to customers over an IPv6-only infrastructure
    – WORKS with applications that use socket APIs and literal IPv4 addresses (Skype, etc.)
  • Allows traffic engineering
    – Without deep packet inspection
  • Easy to deploy and available
    – Commercial solutions and open source

SLIDE 19

464XLAT

[Figure: CPE acting as CLAT (NAT46, 10.0.0.x/24 on the customer side) with IPv6-only access, reaching the “plain” IPv6 Internet directly and the IPv4 Internet through the NAT64 PLAT in the ISP network, which holds the public IPv4 address; DNS64 in the ISP network]

SLIDE 20

How does 464XLAT work?

[Figure: Private IPv4 (IPv4 + IPv6) -> CLAT -> IPv6 across the ISP + IPv6 Internet -> PLAT -> Public IPv4 -> IPv4 Internet]

  • CLAT: Customer side translator (XLAT)
    – Stateless (4->6) [RFC6145]
  • PLAT: Provider side translator (XLAT)
    – Stateful (6->4) [RFC6146]

SLIDE 21

Possible “app” cases

[Figure: three cases over a 464XLAT IPv6-only ISP: (1) IPv6-only app to the IPv6-only Internet; (2) IPv6-only app to the IPv4-only Internet through the PLAT (DNS64/NAT64); (3) IPv4-only app to the IPv4-only Internet through the CLAT (4->6) and the PLAT (6->4)]

SLIDE 22

464XLAT Addressing

[Figure: IPv4 host 192.168.2.3 (IPv4 + IPv6 side) -> CLAT -> IPv6 across the ISP + IPv6 Internet -> PLAT -> IPv4 Internet host 200.3.14.147; IPv6 addresses shown on the path: 2001:db8:abcd::ab, 2001:db8:dada::bb]

  • CLAT
    – XLATE SRC prefix [2001:db8:abcd::/96]
    – XLATE DST prefix [2001:db8:1234::/96]
  • PLAT
    – IPv4 pool (192.1.0.1 – 192.1.0.250)
    – XLATE DST prefix [2001:db8:1234::/96]
  • Original packet
    – IPv4 SRC 192.168.2.3
    – IPv4 DST 200.3.14.147
  • After Stateless XLATE [RFC6145]
    – IPv6 SRC 2001:db8:abcd::192.168.2.3
    – IPv6 DST 2001:db8:1234::200.3.14.147
  • After Stateful XLATE [RFC6146]
    – IPv4 SRC 192.1.0.1
    – IPv4 DST 200.3.14.147

SLIDE 23

Simplicity

* Dan Drown

SLIDE 24

Availability and Deployment

  • NAT64:
    – A10
    – Cisco
    – F5
    – Juniper
    – NEC
    – Huawei
    – Jool, Tayga, Ecdysis, Linux, OpenBSD, …
  • CLAT
    – Android (since 4.3)
    – Nokia
    – Windows
    – NEC
    – Linux
    – Jool
    – OpenWRT
    – Apple (sort-of, is Bump-in-the-Host [RFC6535] implemented in Happy Eyeballs v2) - IPv6-only since iOS 10.2
  • Commercial deployments:
    – T-Mobile US: +68 Millions of users
    – Orange
    – Telstra
    – SK Telecom
    – …
    – Big trials in several ISPs

SLIDE 25

DNSSEC Considerations

  • DNS64 modifies DNS answers, and DNSSEC is designed to detect such modifications, so DNS64 can break DNSSEC
  • In general, DNS servers with DNS64 function, by default, will not synthesize AAAA responses if the DNSSEC OK (DO) flag was set in the query. In this case, as only an A record is available, it means that the CLAT will take the responsibility, as in the case of literal IPv4 addresses, to keep that traffic flow end-to-end as IPv4, so DNSSEC is not broken
  • Today there are no apps in cellular that use DNSSEC, but you should be ready for that
    – Consider apps used by means of tethering
    – Very relevant for non-cellular networks
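
Added example (not part of the original slides): a Python sketch of the RFC6052 /96 address mapping used on the NAT64, DNS64 and 464XLAT Addressing slides, together with the default DNS64 behaviour for queries carrying the DO flag described on the DNSSEC slide. The function names and the simplified resolver model are assumptions made for illustration; the sample addresses are the ones shown on the slides.

```python
import ipaddress

WKP = ipaddress.ip_network("64:ff9b::/96")  # well-known prefix named on the slides

def embed(prefix, ipv4):
    """RFC 6052 mapping for a /96 prefix: the IPv4 address fills the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles /96 translation prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract(prefix, ipv6):
    """Reverse mapping as done at the NAT64/PLAT; None if outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if prefix.prefixlen != 96 or addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def dns64_answer(a_records, aaaa_records, do_flag, prefix=WKP):
    """Simplified model (an assumption) of a DNS64 resolver answering an AAAA query.

    - real AAAA records exist: return them untouched
    - DO flag set: no synthesis (the default described on the DNSSEC slide);
      the client is left with the A record and the CLAT carries the flow as IPv4
    - otherwise: synthesize one AAAA per A record
    """
    if aaaa_records:
        return list(aaaa_records)
    if do_flag:
        return []
    return [str(embed(prefix, a)) for a in a_records]

if __name__ == "__main__":
    # Sample values taken from the 464XLAT Addressing slide.
    plat = ipaddress.ip_network("2001:db8:1234::/96")
    dst = embed(plat, "200.3.14.147")
    print("CLAT IPv6 DST:", dst)
    print("PLAT recovers:", extract(plat, dst))
    print("DNS64, DO=0:", dns64_answer(["200.3.14.147"], [], do_flag=False))
    print("DNS64, DO=1:", dns64_answer(["200.3.14.147"], [], do_flag=True))
```

The hexadecimal form printed for the destination is the same address the slide writes as 2001:db8:1234::200.3.14.147.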

SLIDE 26

Other Transition Technologies

  • 6RD
  • DS-Lite
  • MAP-E or MAP-T
  • No way!
    – Not implemented in smartphones
    – Require using lots of IPv4 addresses
    – Heavy setup and network overhead, require DHCP
    – Take less advantage of “multiplexing” IPv4 addresses & ports, than stateful NAT64

SLIDE 27

Performance

* Facebook data (17/3/2015)

US Mobile Performance – Dual Stack Provider iOS
[Chart: Time of HTTP GET completion, v6 vs. v4; label: 30%]

  • iPhone 6 on LTE only
  • No Instrumentation of the client
  • Examining Client Last Byte Time
  • Time it takes for the device to read the response
  • Read all the data for a newsfeed

US Mobile Performance – Dual Stack Provider Android
[Chart: Time of HTTP GET completion, v6 vs. v4; label: 40%]

  • Android 4/5
  • Galaxy S5 on LTE only
  • No Instrumentation of the client
  • Examining Client Last Byte Time
  • Time it takes for the device to read the response
  • Read all the data for a newsfeed

US Mobile Performance – Dual Stack Provider iOS
[Chart: Total Request Time, v6 vs. v4; label: 40%]

  • iPhone 6
  • Client instrumentation
  • No A/B testing
  • Mobile Proxygen
  • Examining Total Request Time
  • Similar to Client Last Byte Time

SLIDE 28

Cost?

  • No CapEx/OpEx
    – No need to buy CGN
      • NAT64 scales better, you have open source solutions, lower cost
    – No need to buy IPv4
  • Progressive deployment:
    – New phones
    – Not impacting existing users
    – Naturally increase your IPv6 traffic
      • Decrease IPv4 one
  • Billing
    – Trunking IPv6 addresses in CDRs
    – Hash IPv6 addresses in IPv4 records

SLIDE 29

Roaming

  • Use PCRF (Policy and Charging Control Function) to selectively enable IPv6 in roaming customers sessions
    – Depending on “roaming partner”
  • RFC7445
    – Analysis of Failure Cases in IPv6 Roaming Scenarios

SLIDE 30

Overall IPv6 3G/4G Architecture

  • RFC6459: IPv6 in 3rd Generation Partnership Project (3GPP) Evolved Packet System (EPS)
  • UE: User Equipment
  • RAN: Radio Access Network (UTRAN, LTE, …)
  • SGSN/MME: Serving GPRS Support Node/Mobility Management Entity
    – Acts as a “switch”
  • GTP: GPRS Tunneling Protocol
  • HLR: Home Location Register
  • GGSN/EPG: Gateway GPRS Support Node/Evolved Packet Gateway
    – Acts as a “router”

[Figure labels: UE, RAN, PS Domain (SGSN, GTP, GGSN), HLR, IPv6 ISP, NAT64, DNS64, IPv4 / IPv6 Internet, WWW Server]

SLIDE 31

User plane vs. transport plane

[Figure: User IPv6 and Transport IPv6 planes across Terminal, UTRAN, Core Network, GGSN and the IPv4/IPv6 Application Server]

  • User and transport planes are completely independent:
    – The transport plane can run on a different IP version than the user plane
  • RAN and Core Network transport can also run on different IP versions

SLIDE 32

Transport of user IP packets

[Figure: User IPv6 (PDP type IPv6) carried between the Terminal and the Application Server over the Radio Bearer (UTRAN) and GTP-U tunnels (SGSN, GGSN)]

  • IP packets to/from the UE are tunneled through the cellular network.
  • When a UE attaches to the Network, the SGSN creates a Mobility Management context containing information pertaining to e.g., mobility and security for the MS.
  • At PDP Context Activation (PDP - Packet Data Protocol), the SGSN and GGSN create a PDP context, containing information about the session (e.g. IP address, QoS, routing information, etc.).
  • Each Subscriber may activate several PDP Contexts towards the same or different GGSNs.
  • When activated towards the same GGSN, they can use the same or different IP addresses.

SLIDE 33

The PDP Context

[Figure: a Terminal with several PDP contexts through the SGSN to GGSNs: PDP Context X1 (APN X, IP address X, QoS1) and PDP Context X2 (APN X, IP address X, QoS2) towards ISP X; PDP Context Y (APN Y, IP address Y, QoS) towards ISP Y; PDP Context Z (APN Z, IP address Z, QoS) towards ISP Z. Same PDP (IP) address and APN: PDP Context selection based on TFT (downstream)]

  • PDP context can be IPv4-only (IPv4), IPv6-only (IPv6) or dual-stack (IPv4v6)
  • Dual-stack could also be provided with two PDP contexts (one for each protocol; however, it means 2 PDP context licenses)
  • 464XLAT works with IPv6-only PDP context (long-term strategy)

SLIDE 34

The Access Point Name - APN

  • The APN is a logical name referring to a GGSN. The APN also identifies an external network.
  • The syntax of the APN corresponds to a fully qualified name.
  • At PDP context activation, the SGSN performs a DNS query to find out the GGSN(s) serving the APN requested by the terminal.
  • The DNS response contains a list of GGSN addresses from which the SGSN selects one address in a round-robin fashion (for this APN).

SLIDE 35

Single APN for Everyone

  • Single APN
    – Supporting Dual-Stack and Single-Stack
    – Cellular IPv6 deployment is easy because the network supports whatever the UE asks.
    – Progressive deployment, as slow or fast as you want
      • One new phone, all new phones, then OTA old ones
  • DNS supporting RFC7050
    – Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis

[Figure labels: IPv4v6 UE, RAN, GGSN (IPv4v6 APN), IPv6 ISP, NAT64, DNS64, IPv4 / IPv6 Internet, WWW Server; IPv6 and IPv4 paths]

SLIDE 36

IPv6 Address Allocation Methods

  • Stateless Address Autoconfiguration
    – Default, /64 for each PDP context
    – Introduced in GPRS R’99
  • Stateful Address Autoconfiguration
    – DHCPv6 client in the terminal
    – Requires DHCPv6 relay agent in the GGSN
  • GPRS-specific Address Configuration
    – Static Address Configuration
      • The UE provides its statically configured IPv6 address at PDP context activation
    – Dynamic Address Allocation
      • The IPv6 address is provided by the GGSN at PDP context activation

SLIDE 37

Stateless Address Autoconfiguration

[Message sequence between UE, BSS/UTRAN, SGSN and GGSN]

  • 1. Activate PDP Context Request (PDP type = IPv6, PDP Address = empty, APN, ...)
  • 2. Create PDP Context Request
  • 3. Create PDP Context Response (PDP address = link-local address, ...)
  • 4. Activate PDP Context Accept (PDP Address = link-local address, ...)
  • 5. Router Solicitation
  • 6. Router Advertisement (M flag = 0, Network prefix, …)
  • 7. GGSN-Initiated PDP Context Modification Procedure
  • 7. Neighbor Solicitation

Notes on the diagram:

  • Neighbor Solicitation messages shall be discarded by the GGSN except if part of Neighbor Unreachability Detection
  • The UE constructs its full IPv6 address
  • The GGSN updates the SGSN and MT with the full IPv6 address
  • The GGSN shall be configured to advertise only one network prefix
  • The UE extracts the Interface-ID from the link-local address

SLIDE 38

Tethering

  • RFC7278
    – Extending an IPv6 /64 Prefix from a Third Generation Partnership Project (3GPP) Mobile Interface to a LAN Link
    – The UE is switched from an IPv6 host mode to an IPv6 router-and-host mode
  • If the UE is also a CLAT, it provides IPv4 service with private addresses to the “tethered” devices

SLIDE 39

Dynamic Address Allocation

[Message sequence between UE, BSS/UTRAN, SGSN and GGSN]

  • 1. Activate PDP Context Request (PDP type = IPv6, PDP Address = empty, APN, ...)
  • 2. Create PDP Context Request
  • 3. DHCP and/or RADIUS procedures
  • 4. Create PDP Context Response (PDP address = IPv6 address, ...)
  • 5. Activate PDP Context Accept (PDP Address = IPv6 address, ...)

For example the GGSN may use RADIUS for user authentication and IP address allocation, or it may use RADIUS for authentication and DHCP for IP address allocation. Alternatively, the address may be allocated from a local pool of addresses in the GGSN.

SLIDE 40

Prefix Exclude Option

  • If DHCPv6 is used, it may be interesting to use a single aggregated route/prefix for each customer, instead of using one prefix for the link between the delegating router and the requesting router and another prefix for the customer network.
  • RFC6603
    – Prefix Exclude Option for DHCPv6-based Prefix Delegation

SLIDE 41

Declare Success

  • Traffic moves from IPv4 to IPv6
  • Customers never notice anything changed

SLIDE 42

IPv6 in Cellular/US

*ISOC/World IPv6 Launch data

SLIDE 43

Multiservice Network

[Figure: one 464XLAT PLAT (DNS64/NAT64) serving several 464XLAT access networks: Cellular network, Residential network, Corporate network, …]

SLIDE 44

Example Residential Customer

[Figure: residential 464XLAT example spanning the User Network, the ISP Network and the Internet. Labels:]

  • Addressing: IPv4 + IPv6, 2001:db8::/32, 198.51.100.0/24, FE80::1/64
  • CPE (CLAT)
    – LAN Eth1: 192.168.1.1, 2001:db8:40::41
    – WAN Eth0: 2001:db8:1::2
    – Pool IPv4/NAT46: 192.0.0.1/32
    – Pool IPv6: 2001:db8:2::40/128
  • Node 1: 192.168.1.2/24, 2001:db8:40::42/64
  • Node “n”: 192.168.1.x/24, 2001:db8:40::xx/64
  • BRAS
    – Eth0: 198.51.100.10, 2001:db8::10
  • VM PLAT (NAT64 + DNS64)
    – Pool IPv4/NAT64: 198.51.100.11/32
    – IPv6 prefix: 64:ff9b::/96
  • Eth1: 2001:db8:1::1
  • Traffic Legend: Red: IPv6-only, Blue: IPv4-only, Green: Dual-stack

SLIDE 45

Thanks!

Contact:

– Jordi Palet: jordi.palet@theipv6company.com